PERFORCE change 136599 for review
Christian S.J. Peron
csjp at FreeBSD.org
Sat Mar 1 19:30:04 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=136599
Change 136599 by csjp at ibm01 on 2008/03/01 19:29:27
Introduce crypto_fatal and use that. Include a "main" for now until things
are a bit more stable.
Affected files ...
.. //depot/projects/trustedbsd/netauditd/crypto.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/netauditd/crypto.c#4 (text+ko) ====
@@ -24,6 +24,7 @@
* SUCH DAMAGE.
*/
#include <stdio.h>
+#include <assert.h>
#include <openssl/ssl.h>
@@ -32,6 +33,16 @@
static char *crypto_pass;
static int
+crypto_fatal(struct crypto_context *ct, const char *string)
+{
+
+ assert(ct != NULL);
+ BIO_printf(ct->c_bioerror, "%s\n", string);
+ ERR_print_errors(ct->c_bioerror);
+ exit(1);
+}
+
+static int
crypto_password_cb(char *buf, int num, int rwflag, void *userdata)
{
int slen;
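Review bot: `crypto_fatal` is declared `static int` but never returns a value, since it always ends in `exit(1)`; `static void` states the contract and lets the compiler flag any caller that uses the result. The only guard is `assert(ct != NULL)`, which disappears under `NDEBUG`, and `ct->c_bioerror` is used unchecked, so a failure that occurs before that BIO is set up would crash here instead of reporting the OpenSSL error queue; a fallback such as `if (ct->c_bioerror == NULL) ERR_print_errors_fp(stderr);` keeps the diagnostic. `exit` needs `<stdlib.h>`, which is not among the includes visible in the first hunk. The hunk ends inside `crypto_password_cb`, whose body continues outside it.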
@@ -60,22 +71,22 @@
}
meth = SSLv23_method();
ct->c_ctx = SSL_CTX_new(meth);
- if (!SSL_CTX_use_certificate_chain_file(ct->c_ctx, "KEYFILE"))
- berr_exit("Can't read certificate file");
+ if (!SSL_CTX_use_certificate_chain_file(ct->c_ctx, "server.pem"))
+ crypto_fatal(ct, "Can't read certificate file");
/*
* XXX we will revisit this. Just want to get things working.
*/
crypto_pass = "SeCrET KeY";
SSL_CTX_set_default_passwd_cb(ct->c_ctx, crypto_password_cb);
- if (!SSL_CTX_use_PrivateKey_file(ct->c_ctx, "KEYFILE", SSL_FILETYPE_PEM))
- berr_exit("Can't read key file");
+ if (!SSL_CTX_use_PrivateKey_file(ct->c_ctx, "server.pem", SSL_FILETYPE_PEM))
+ crypto_fatal(ct, "Can't read key file");
/*
- * Load trusted certificate authorities from root.pem
+ * Load trusted certificate authorities from key.pem
*/
- if (!SSL_CTX_load_verify_locations(ct->c_ctx, "root.pem", 0))
- berr_exit("Can't read CA list");
+ if (!SSL_CTX_load_verify_locations(ct->c_ctx, "key.pem", 0))
+ crypto_fatal(ct, "Can't read CA list");
if ((bio = BIO_new_file("DHFILE", "r")) == NULL)
- berr_exit("Couldn't open DH file");
+ crypto_fatal(ct, "Couldn't open DH file");
/*
* If we are initializing this crypto context for serving SSL clients,
* make sure we initialize our Diffie Hellman parameters.
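Review bot: The certificate chain, private key and CA list are now loaded from the bare relative names `"server.pem"` and `"key.pem"`, so which key material and trust anchors the daemon uses depends on its working directory at start-up; absolute paths taken from configuration would make that deterministic. Loading the trusted CA list from a file named `key.pem` also reads like a mix-up with the key file and deserves a comment if it is intended. After the `SSL_CTX_use_PrivateKey_file` call I would add `if (!SSL_CTX_check_private_key(ct->c_ctx)) crypto_fatal(ct, "Private key does not match certificate");`. The hard-coded passphrase under the XXX comment is unchanged by this commit and remains embedded in the binary. The function starts and ends outside the hunk.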
@@ -84,7 +95,7 @@
ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio);
if (SSL_CTX_set_tmp_dh(ct->c_ctx, ret) < 0)
- berr_exit("Couldn't set DH parameters");
+ crypto_fatal(ct, "Couldn't set DH parameters");
}
return (0);
}
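Review bot: The `crypto_fatal` call on the DH path cannot fire on failure, because `SSL_CTX_set_tmp_dh` returns 1 on success and 0 on failure while the test is `< 0`; the condition should be `if (SSL_CTX_set_tmp_dh(ct->c_ctx, ret) != 1)`. `ret` from `PEM_read_bio_DHparams` is also passed on without a NULL check, so a malformed or empty DH file goes unreported; `if (ret == NULL) crypto_fatal(ct, "Couldn't read DH parameters");` before the call covers that. In both cases the server would continue without the intended DH parameters and without any error. The enclosing function begins outside the hunk.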
@@ -95,3 +106,15 @@
SSL_CTX_free(ct->c_ctx);
}
+
+int
+main(int argc, char *argv[])
+{
+ struct crypto_context ct;
+ int error;
+
+ error = crypto_init_context(&ct, CRYPTO_CTX_SERVER);
+ if (error)
+ err(1, "crypto_init_context failed");
+ return (0);
+}
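Review bot: `struct crypto_context ct;` in `main` is an uninitialized stack object, so any field `crypto_init_context` reads before assigning it (for example `c_bioerror`, which `crypto_fatal` dereferences) holds garbage; `memset(&ct, 0, sizeof(ct));` before the call avoids that, unless the init function already sets every field, which is not visible here. `err(1, ...)` appends `strerror(errno)`, which is unrelated to an OpenSSL failure, so `errx(1, "crypto_init_context failed");` gives a cleaner message; `<err.h>` is also not among the includes visible in the first hunk. The first two lines of the hunk close a function that starts outside it.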